package com.cdut.logistics.intercepter.system;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpSession;

import com.cdut.logistics.model.dao.datacentre.User;
import com.jfinal.aop.Interceptor;
import com.jfinal.aop.Invocation;
import com.jfinal.core.Controller;

public class AuthorityIntercepter implements Interceptor {

	public void intercept(Invocation inv) {
		Controller controller=inv.getController();
		HttpSession sen = inv.getController().getSession();
		User dao=new User();
		Map m=new HashMap(); 
		//用session获取access_token
		String access_token=controller.getPara("access_token");
		sen.setAttribute("access_token", access_token);
		String uri = controller.getRequest().getRequestURI();
		System.out.println("uri=======111======="+uri);
		if(uri.equals("/ulms_project/user1/login")||uri.equals("/ulms_project/user1/renderLogin")){
			inv.invoke();
			System.out.println("登陆操作，权限校验通过");
		}
		else{
		String[] uriname=new String[1];
		try {
			uriname=uri.split("/");
		} catch (Exception e) {
			uriname[0] =uri;
		}
		String funcname=uriname[uriname.length-1];
		String route_name = uriname[uriname.length-2];
		String url = "/"+route_name+"/"+funcname;
		boolean result=false;
		try{
			result=dao.validateIfAuthority(access_token,url);
		}
		catch(Exception e){
			System.out.println("200 数据库系统错误");
			m.put("result",result);
			inv.getController().renderJson(m);
		}
		if(result){
			System.out.println("权限验证通过");
			inv.invoke();
		}
		else{
			System.out.println("权限验证失败");
			m.put("result",result);
			inv.getController().renderJson(m);
		}
		}
	}

}
